194 matches found
CVE-2007-1225
CVE-2007-1225 affects Grok Developments NetProxy 4.03. The log file implementation fails to record requests that omit the http:// prefix in URLs, which could allow remote attackers to conduct unauthorized activities and evade detection. CVSSv2 metrics note a base score of 10.0 (AV:N/AC:L/Au:N/C:C...
CVE-2007-1225
The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection...
Design/Logic Flaw
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sou...
CVE-2007-0675
A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sou...
Cross site scripting
Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as (a) conduct remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b)...
CVE-2007-0649
CVE-2007-0649 affects OpenEMR 2.8.2 and earlier. A variable overwrite vulnerability in interface/globals.php allows remote attackers to overwrite arbitrary program variables and perform other actions. Related vectors include (a) remote file inclusion via the srcdir parameter in custom/import_xml....
Buffer overflow
Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/commonactions.php, via vectors associated with extract operations on th...
CVE-2007-0599
Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/commonactions.php, via vectors associated with extract operations on th...
CVE-2007-0599
CVE-2007-0599 affects Aztek Forum 4.00 and represents a variable overwrite vulnerability in common/config.php. The issue allows remote attackers to overwrite arbitrary program variables and perform other unauthorized actions, such as copying arbitrary files, by abusing extract operations on the P...
CVE-2006-6346
SAP Internet Graphics Service (IGS) affected: 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier (CVE-2006-6346). Described as an unspecified vulnerability related to "Undocumented Features" that could allow remote attackers to cause a denial of service, obtain configuration files,...
CVE-2006-6346
Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized...
CVE-2006-5986
admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without...
Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:118)
OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user (CVE-2006-2198). An unspecified vulnerability in Java Applets in...
Security feature bypass
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents...
CVE-2006-2199
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents...
CVE-2006-2198
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user...
Code injection
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user...
EUVD-2006-2200
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents...
CVE-2006-2198
CVE-2006-2198 affects OpenOffice.org/StarOffice from 1.1.x (up to 1.1.5) and 2.0.x before 2.0.3. A user‑supplied OpenOffice document containing a malicious BASIC macro can execute without prompting, enabling the macro to run with the current user’s privileges. This can lead to unauthorized activi...